IN THE CLAIMS 



The claims as presently pending are as follows: 

1. (previously presented) A policy enforcement system for enforcing policies, the 
policies defining what actions of a first type that first entities as defined in a computer 
system may perform on second entities as defined in the computer system, the policy 
enforcement system comprising: 

a policy server, the policy server comprising a policy database of the policies and 
extensibly configured to include policies for actions belonging to an additional type 
thereof, a policy including any action that a user may perform on an information 
resource; and 

a policy enforcer, the policy enforcer configured to: 

control performance of the first type of action; 

communicate a request to perform an action of the first type to the policy 
server; and 

permit performance of the action only if a response from the policy server 
indicates that the policies permit the action, and 

the policy enforcer being extensibly configured to comprise an additional policy 
enforcer, which controls performance of actions of the additional type. 

2. (previously presented) The policy enforcement system of claim 1, wherein the policy 
database is of the class wherein policies are defined as sets of the first entities and sets of 
the second entities and the policy database is further extensible to include an additional 
type of the first entities and/or an additional type of the second entities. 

3. (previously presented) The policy enforcement system of claim 2, wherein an action 
attribute is associated in the database with a set of the first entities and/or a set of the 
second entities; the action attribute specifying a manner in which an action specified in a 
given policy is to be performed with regard to entities in the set of first entities and/or 
entities in the set of second entities. 

4. (previously presented) The policy enforcement system of claim 3, wherein the 
database is further extensible to include an additional type of action attributes. 

5. (previously presented) The policy enforcement system of claim 1, wherein the 
additional policy enforcer controls performance of actions at a level of the computer 
system that is different from the level at which the policy enforcer controls performance 
of actions. 

6. (previously presented) The policy enforcement system of claim 1, wherein at least 
one of the policy enforcers is at a location in the computer system that is remote from the 
policy server. 

7. (cancelled) 

8. (previously presented) A policy database for implementation in a data storage device 
accessible to a processor, the policy database comprising: 

at least one policy, the at least one policy defined in terms of sets of first entities, 
sets of second entities, and actions, wherein a given policy defines a given action that an 
entity belonging to a given set of the first entities may perform on an entity belonging to 
a given set of the second entities, the at least one policy subject to association with a 
further condition and, 

the policy database configured to provide the processor, in response to a request 
to the processor, with policy information reflecting whether a particular entity belonging 
to the set of first entities to which the given policy applies may perform the given 
action on a particular entity belonging to the set of second entities to which the given 
policy applies by determining that the particular entity may not perform the given 
action if the further condition is not satisfied at the time the processor responds to the 
request. 

9. (previously presented) The policy database of claim 8, wherein the further condition 
is a time interval specification associated with the given policy, the time interval 
specification specifying an interval of time during which entities belonging to the given 
set of first entities specified in the given policy may perform the given action specified 
therein on entities belonging to the given set of second entities specified therein. 

10. (previously presented) A policy database for implementation in a data storage 
device accessible to a processor, the policy database comprising: 

at least one policy, the at least one policy defined in terms of sets of first entities, 
sets of second entities, and actions, wherein a given policy defines a given action that an 
entity belonging to a given set of the first entities may perform on an entity belonging to 
a given set of the second entities, the given set of first entities and/or the given set of 
second entities subject to an association with an action attribute, the action attribute 
specifying a manner in which the given action specified in the given policy is to be 
performed and, 

the policy database configured to provide the processor, in response to a request 
to the processor, with policy information reflecting whether a particular entity may 
perform an action to which the given policy applies in a particular manner by 
determining that the requesting entity may not perform the action unless the particular 
manner is the manner specified by the action attribute. 

11. (previously presented) The policy database of claim 10, wherein the database is 
extensible to include new types of action attributes. 

12. (previously presented) The policy database of claim 10, wherein an action attribute 
condition is associated in the database with an action attribute for the given policy, the 
action attribute condition determining whether a requesting entity belonging to a given 
set of first entities can perform the given action as specified in the action attribute on an 
entity in the given set of second entities at the time the requesting entity makes the 
request. 

13. (currently amended) The policy enforcement system of claim 1, wherein the 
additional type of action is defined by a user of the policy enforcement system and the 
policy enforcement system includes a user interface for extending the policy database by 
adding the user-defined additional type of action to the policy database. 